US Government Warns of North Korean Hacking

Technical Alert Highlights Signs of Compromise Across Sectors

The U.S. government on Wednesday issued its most direct and technically detailed advisory about North Korea’s hacking activity to date, warning that the country continues to target U.S. media, aerospace, financial and critical infrastructure sectors.

The technical alert, distributed by the U.S. Computer Emergency Readiness Team, with analysis from the FBI and the Department of Homeland Security, intends to help organizations “enable network defense activities and reduce exposure” to Hidden Cobra, its nickname for North Korean hackers.

Since 2009, U.S. CERT says, North Korea has “leveraged their capabilities to target and compromise a range of victims.”

“DHS and FBI assess that Hidden Cobra actors will continue to use cyber operations to advance their government’s military and strategic objectives,” the alert says.

Meanwhile, the National Security Agency has “moderate confidence” that WannaCry, the virulent ransomware that infected at least 200,000 computers worldwide in early May, is linked to North Korea, according to The Washington Post.

One Group, Many Names

Security companies have long suspected North Korea may have been behind disruptive and espionage-related attacks on South Korea stretching back to 2009. The North Korean hacker group has various monikers, including DarkSeoul, Lazarus Group, the Guardians of Peace, Silent Chollima and Bureau 121.

But intense studies of more recent attacks by the U.S. government and researchers have contributed to a belief that North Korea has developed a potent cyber capability.

Continue reading…